From patchwork Thu Mar 29 16:20:32 2018
X-Patchwork-Submitter: Kirill Tkhai
X-Patchwork-Id: 10315669
Subject: [PATCH net-next 1/5] net: Introduce net_rwsem to protect net_namespace_list
From: Kirill Tkhai
To: dledford@redhat.com, jgg@ziepe.ca, davem@davemloft.net, pablo@netfilter.org, kadlec@blackhole.kfki.hu, fw@strlen.de, pshelar@ovn.org, johannes@sipsolutions.net, paul@paul-moore.com, sds@tycho.nsa.gov, eparis@parisplace.org, jmorris@namei.org, serge@hallyn.com, leon@kernel.org, yuval.shaia@oracle.com, parav@mellanox.com, danielj@mellanox.com, ktkhai@virtuozzo.com, majd@mellanox.com, nicolas.dichtel@6wind.com, vyasevic@redhat.com, paulmck@linux.vnet.ibm.com, vyasevich@gmail.com, gregkh@linuxfoundation.org, daniel@iogearbox.net, jakub.kicinski@netronome.com, ast@kernel.org, brouer@redhat.com, linux@rasmusvillemoes.dk, john.fastabend@gmail.com, dsahern@gmail.com, jiri@mellanox.com, idosch@mellanox.com, vvs@virtuozzo.com, avagin@virtuozzo.com, roman.kapl@sysgo.com, lucien.xin@gmail.com, christian.brauner@ubuntu.com, jbenc@redhat.com, pombredanne@nexb.com, linux-rdma@vger.kernel.org, netdev@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, dev@openvswitch.org, linux-wireless@vger.kernel.org, selinux@tycho.nsa.gov, linux-security-module@vger.kernel.org
Date: Thu, 29 Mar 2018 19:20:32 +0300
Message-ID: <152234043276.19153.12772428640357395360.stgit@localhost.localdomain>
In-Reply-To: <152234005959.19153.17907173734141707348.stgit@localhost.localdomain>
References: <152234005959.19153.17907173734141707348.stgit@localhost.localdomain>

rtnl_lock() is used everywhere, and contention is very high.
When someone wants to iterate over alive net namespaces,
he/she has no possibility to do that without an exclusive lock.
But the exclusive rtnl_lock() in such places is overkill,
and it just increases the contention. Yes, there is already
for_each_net_rcu() in the kernel, but it requires rcu_read_lock(),
and this can't be sleepable. Also, sometimes it may be needed
to really prevent net_namespace_list growth, so for_each_net_rcu()
does not fit there.

This patch introduces a new rw_semaphore, which will be used
instead of rtnl_mutex to protect net_namespace_list. It is
sleepable and allows non-exclusive iterations over the net
namespaces list. It allows us to stop using rtnl_lock()
in several places (which is done in the next patches) and reduces
the time we keep rtnl_mutex. Here we just add the new lock,
while the explanation of why we can remove rtnl_lock() there is
in the next patches.

Fine-grained locks are generally better than one big lock,
so let's do that with net_namespace_list, while the situation
allows that.

Signed-off-by: Kirill Tkhai
---
 drivers/infiniband/core/roce_gid_mgmt.c |  2 ++
 include/linux/rtnetlink.h               |  1 +
 include/net/net_namespace.h             |  1 +
 net/core/dev.c                          |  5 +++++
 net/core/fib_notifier.c                 |  2 ++
 net/core/net_namespace.c                | 18 +++++++++++++-----
 net/core/rtnetlink.c                    |  5 +++++
 net/netfilter/nf_conntrack_core.c       |  2 ++
 net/openvswitch/datapath.c              |  2 ++
 net/wireless/wext-core.c                |  2 ++
 security/selinux/include/xfrm.h         |  2 ++
 11 files changed, 37 insertions(+), 5 deletions(-)

diff --git a/drivers/infiniband/core/roce_gid_mgmt.c b/drivers/infiniband/core/roce_gid_mgmt.c index 5a52ec77940a..cc2966380c0c 100644 --- a/drivers/infiniband/core/roce_gid_mgmt.c +++ b/drivers/infiniband/core/roce_gid_mgmt.c 
@@ -403,10 +403,12 @@ static void enum_all_gids_of_dev_cb(struct ib_device *ib_dev, * our feet */ rtnl_lock(); + down_read(&net_rwsem); for_each_net(net) for_each_netdev(net, ndev) if (is_eth_port_of_netdev(ib_dev, port, rdma_ndev, ndev)) add_netdev_ips(ib_dev, port, rdma_ndev, ndev); + up_read(&net_rwsem); rtnl_unlock(); } diff --git a/include/linux/rtnetlink.h b/include/linux/rtnetlink.h index c7d1e4689325..5225832bd6ff 100644 --- a/include/linux/rtnetlink.h +++ b/include/linux/rtnetlink.h @@ -37,6 +37,7 @@ extern int rtnl_lock_killable(void); extern wait_queue_head_t netdev_unregistering_wq; extern struct rw_semaphore pernet_ops_rwsem; +extern struct rw_semaphore net_rwsem; #ifdef CONFIG_PROVE_LOCKING extern bool lockdep_rtnl_is_held(void); diff --git a/include/net/net_namespace.h b/include/net/net_namespace.h index 1ab4f920f109..47e35cce3b64 100644 --- a/include/net/net_namespace.h +++ b/include/net/net_namespace.h @@ -291,6 +291,7 @@ static inline struct net *read_pnet(const possible_net_t *pnet) #endif } +/* Protected by net_rwsem */ #define for_each_net(VAR) \ list_for_each_entry(VAR, &net_namespace_list, list) diff --git a/net/core/dev.c b/net/core/dev.c index e13807b5c84d..eca5458b2753 100644 --- a/net/core/dev.c +++ b/net/core/dev.c @@ -1629,6 +1629,7 @@ int register_netdevice_notifier(struct notifier_block *nb) goto unlock; if (dev_boot_phase) goto unlock; + down_read(&net_rwsem); for_each_net(net) { for_each_netdev(net, dev) { err = call_netdevice_notifier(nb, NETDEV_REGISTER, dev); @@ -1642,6 +1643,7 @@ int register_netdevice_notifier(struct notifier_block *nb) call_netdevice_notifier(nb, NETDEV_UP, dev); } } + up_read(&net_rwsem); unlock: rtnl_unlock(); @@ -1664,6 +1666,7 @@ int register_netdevice_notifier(struct notifier_block *nb) } outroll: + up_read(&net_rwsem); raw_notifier_chain_unregister(&netdev_chain, nb); goto unlock; } 
@@ -1694,6 +1697,7 @@ int unregister_netdevice_notifier(struct notifier_block *nb) if (err) goto unlock; + down_read(&net_rwsem); for_each_net(net) { for_each_netdev(net, dev) { if (dev->flags & IFF_UP) { @@ -1704,6 +1708,7 @@ int unregister_netdevice_notifier(struct notifier_block *nb) call_netdevice_notifier(nb, NETDEV_UNREGISTER, dev); } } + up_read(&net_rwsem); unlock: rtnl_unlock(); return err; diff --git a/net/core/fib_notifier.c b/net/core/fib_notifier.c index 0c048bdeb016..614b985c92a4 100644 --- a/net/core/fib_notifier.c +++ b/net/core/fib_notifier.c @@ -33,6 +33,7 @@ static unsigned int fib_seq_sum(void) struct net *net; rtnl_lock(); + down_read(&net_rwsem); for_each_net(net) { rcu_read_lock(); list_for_each_entry_rcu(ops, &net->fib_notifier_ops, list) { @@ -43,6 +44,7 @@ static unsigned int fib_seq_sum(void) } rcu_read_unlock(); } + up_read(&net_rwsem); rtnl_unlock(); return fib_seq; diff --git a/net/core/net_namespace.c b/net/core/net_namespace.c index b5796d17a302..7fdf321d4997 100644 --- a/net/core/net_namespace.c +++ b/net/core/net_namespace.c @@ -33,6 +33,10 @@ static struct list_head *first_device = &pernet_list; LIST_HEAD(net_namespace_list); EXPORT_SYMBOL_GPL(net_namespace_list); +/* Protects net_namespace_list. Nests iside rtnl_lock() */ +DECLARE_RWSEM(net_rwsem); +EXPORT_SYMBOL_GPL(net_rwsem); + struct net init_net = { .count = REFCOUNT_INIT(1), .dev_base_head = LIST_HEAD_INIT(init_net.dev_base_head), @@ -309,9 +313,9 @@ static __net_init int setup_net(struct net *net, struct user_namespace *user_ns) if (error < 0) goto out_undo; } - rtnl_lock(); + down_write(&net_rwsem); list_add_tail_rcu(&net->list, &net_namespace_list); - rtnl_unlock(); + up_write(&net_rwsem); out: return error; 
@@ -450,7 +454,7 @@ static void unhash_nsid(struct net *net, struct net *last) * and this work is the only process, that may delete * a net from net_namespace_list. So, when the below * is executing, the list may only grow. Thus, we do not - * use for_each_net_rcu() or rtnl_lock(). + * use for_each_net_rcu() or net_rwsem. */ for_each_net(tmp) { int id; @@ -485,7 +489,7 @@ static void cleanup_net(struct work_struct *work) down_read(&pernet_ops_rwsem); /* Don't let anyone else find us. */ - rtnl_lock(); + down_write(&net_rwsem); llist_for_each_entry(net, net_kill_list, cleanup_list) list_del_rcu(&net->list); /* Cache last net. After we unlock rtnl, no one new net @@ -499,7 +503,7 @@ static void cleanup_net(struct work_struct *work) * useless anyway, as netns_ids are destroyed there. */ last = list_last_entry(&net_namespace_list, struct net, list); - rtnl_unlock(); + up_write(&net_rwsem); llist_for_each_entry(net, net_kill_list, cleanup_list) { unhash_nsid(net, last); @@ -900,6 +904,9 @@ static int __register_pernet_operations(struct list_head *list, list_add_tail(&ops->list, list); if (ops->init || (ops->id && ops->size)) { + /* We held write locked pernet_ops_rwsem, and parallel + * setup_net() and cleanup_net() are not possible. + */ for_each_net(net) { error = ops_init(ops, net); if (error) @@ -923,6 +930,7 @@ static void __unregister_pernet_operations(struct pernet_operations *ops) LIST_HEAD(net_exit_list); list_del(&ops->list); + /* See comment in __register_pernet_operations() */ for_each_net(net) list_add_tail(&net->exit_list, &net_exit_list); ops_exit_list(ops, &net_exit_list); diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c index 2d3949789cef..e86b28482ca7 100644 --- a/net/core/rtnetlink.c +++ b/net/core/rtnetlink.c 
@@ -418,9 +418,11 @@ void __rtnl_link_unregister(struct rtnl_link_ops *ops) { struct net *net; + down_read(&net_rwsem); for_each_net(net) { __rtnl_kill_links(net, ops); } + up_read(&net_rwsem); list_del(&ops->list); } EXPORT_SYMBOL_GPL(__rtnl_link_unregister); @@ -438,6 +440,9 @@ static void rtnl_lock_unregistering_all(void) for (;;) { unregistering = false; rtnl_lock(); + /* We held write locked pernet_ops_rwsem, and parallel + * setup_net() and cleanup_net() are not possible. + */ for_each_net(net) { if (net->dev_unreg_count > 0) { unregistering = true; diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c index 705198de671d..370f9b7f051b 100644 --- a/net/netfilter/nf_conntrack_core.c +++ b/net/netfilter/nf_conntrack_core.c @@ -1764,12 +1764,14 @@ nf_ct_iterate_destroy(int (*iter)(struct nf_conn *i, void *data), void *data) struct net *net; rtnl_lock(); + down_read(&net_rwsem); for_each_net(net) { if (atomic_read(&net->ct.count) == 0) continue; __nf_ct_unconfirmed_destroy(net); nf_queue_nf_hook_drop(net); } + up_read(&net_rwsem); rtnl_unlock(); /* Need to wait for netns cleanup worker to finish, if its diff --git a/net/openvswitch/datapath.c b/net/openvswitch/datapath.c index ef38e5aecd28..9746ee30a99b 100644 --- a/net/openvswitch/datapath.c +++ b/net/openvswitch/datapath.c @@ -2364,8 +2364,10 @@ static void __net_exit ovs_exit_net(struct net *dnet) __dp_destroy(dp); rtnl_lock(); + down_read(&net_rwsem); for_each_net(net) list_vports_from_net(net, dnet, &head); + up_read(&net_rwsem); rtnl_unlock(); /* Detach all vports from given namespace. */ diff --git a/net/wireless/wext-core.c b/net/wireless/wext-core.c index 9efbfc753347..544d7b62d7ca 100644 --- a/net/wireless/wext-core.c +++ b/net/wireless/wext-core.c 
@@ -349,11 +349,13 @@ void wireless_nlevent_flush(void) ASSERT_RTNL(); + down_read(&net_rwsem); for_each_net(net) { while ((skb = skb_dequeue(&net->wext_nlevents))) rtnl_notify(skb, net, 0, RTNLGRP_LINK, NULL, GFP_KERNEL); } + up_read(&net_rwsem); } EXPORT_SYMBOL_GPL(wireless_nlevent_flush); diff --git a/security/selinux/include/xfrm.h b/security/selinux/include/xfrm.h index 1f173a7a4daa..31d66431be1e 100644 --- a/security/selinux/include/xfrm.h +++ b/security/selinux/include/xfrm.h @@ -48,8 +48,10 @@ static inline void selinux_xfrm_notify_policyload(void) struct net *net; rtnl_lock(); + down_read(&net_rwsem); for_each_net(net) rt_genid_bump_all(net); + up_read(&net_rwsem); rtnl_unlock(); } #else
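
Review bot: in include/net/net_namespace.h, the new "/* Protected by net_rwsem */" comment above for_each_net() states a rule that this same patch does not follow everywhere. unhash_nsid() walks the list with neither net_rwsem nor RCU (its comment relies on cleanup_net being the only deleter), and __register_pernet_operations(), __unregister_pernet_operations() and rtnl_lock_unregistering_all() rely on pernet_ops_rwsem being held for write instead. Suggest the comment name those exceptions, for example "Protected by net_rwsem, or by pernet_ops_rwsem held for write", since nothing in the macro enforces the rule and the next person adding a for_each_net() caller will read only this line.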
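
Review bot: in register_netdevice_notifier() (net/core/dev.c, hunk at -1664), the up_read(&net_rwsem) added under "outroll:" has no matching down_read() in the same hunk; it pairs with the one taken before the first for_each_net() loop in the preceding hunk, around line 1632. The release is balanced only if every jump to outroll comes from a path that still holds the read lock, and the rollback loop that sits between the two hunks is not visible in the diff. A one-line comment at "outroll:" saying the lock is still held from the registration loop would make the pairing checkable in review and would flag the problem if someone later adds a "goto outroll" from before the down_read().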
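
Review bot: in net/core/net_namespace.c (hunk at -33), the comment on the new lock has a typo, "Nests iside rtnl_lock()" should read "inside", and it documents only half of the ordering this patch establishes. cleanup_net() in the same file takes down_read(&pernet_ops_rwsem) and then down_write(&net_rwsem), so net_rwsem also nests inside pernet_ops_rwsem. Since the point of the series is to let callers drop rtnl_lock(), the declaration is where the full order (rtnl_lock, pernet_ops_rwsem, then net_rwsem) should be written down.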
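
Review bot: in cleanup_net() (net/core/net_namespace.c, hunks at -485 and -499), the context comment "Cache last net. After we unlock rtnl, no one new net" is left unchanged while the lock it describes is replaced: the section is now bracketed by down_write(&net_rwsem) and up_write(&net_rwsem), and rtnl is no longer taken here. Please update the comment to refer to net_rwsem in the same patch, the way the unhash_nsid() comment was updated from "rtnl_lock()" to "net_rwsem" in the hunk at -450.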
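
Review bot: in rtnl_lock_unregistering_all() (net/core/rtnetlink.c, hunk at -438), the added comment justifies walking for_each_net() without net_rwsem by asserting that the caller holds pernet_ops_rwsem for write, but nothing in the function checks that, while __rtnl_link_unregister() a few lines above takes down_read(&net_rwsem) explicitly. A lockdep assertion on pernet_ops_rwsem next to the comment would turn the assumption into something a debug build verifies. The wording "We held write locked pernet_ops_rwsem" should also be present tense ("We hold pernet_ops_rwsem write-locked"), and since the same text is duplicated in __register_pernet_operations(), a "See comment in __register_pernet_operations()" reference, as used in __unregister_pernet_operations(), would keep the two from drifting apart.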